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BACKGROUND OF THE INVENTION 



1. Field of the Invention : The present invention generally relates to data base 
management systems and more particularly relates to enhancements for providing access 
to data base management systems via internet user terminals. 

2. Description of the prior art : Data base management systems are well known in the 
data processing art. Such commercial systems have been in general use for more than 20 
years. One of the most successful database management systems is available from 
Unisys Corporation and is called the Classic MAPPER® data base management system. 
The Classic MAPPER system can be reviewed using the Classic MAPPER User ! s Guide 
which may be obtained from Unisys Corporation. 

The Classic MAPPER system, which runs on proprietary hardware also available 
from Unisys Corporation, provides a way for clients to partition data bases into structures 
called filing cabinets and drawers, as a way to offer a more tangible format. The Mapper 
data base manager utilizes various predefined high-level instructions whereby the data 
base user may manipulate the data base to generate human-readable data presentations 
called "reports". The user is permitted to prepare lists of the various predefined high- 
level instructions into data base manager programs called "Mapper Runs":. Thus, users 
of the Classic MAPPER system may create, modify, and add to a given data base and 
also generate periodic and aperiodic reports using various Mapper Runs. 

However, with the Classic MAPPER system, as well as with similar proprietary 



data base management systems, the user must interface with the data base using a 
terminal coupled directly to the proprietary system and must access and manipulate the 
data using the Mapper Run command language of Classic MAPPER. Ordinarily, that 
means that the user must either be co-located with the hardware which hosts the data base 
management system or must be coupled to that hardware through dedicated telephone, 
satellite, or other data links. Furthermore, the user usually needs to be schooled in the 
command language of Classic MAPPER (or other proprietary data base management 
system) to be capable of generating Mapper Runs. 

Since the advent of large scale, dedicated, proprietary data base management 
systems, the internet or world wide web has come into being. Unlike closed proprietary 
data base management systems, the internet has become a world wide bulletin board, 
permitting all to achieve nearly equal access using a wide variety of hardware, software, 
and communication protocols. Even though some standardization has developed, one of 
the important characteristics of the world wide web is its ability to constantly accept new 
and emerging techniques within a global framework. Many current users of the internet 
have utilized several generations of hardware and software from a wide variety of 
suppliers from all over the world. It is not uncommon for current day young children to 
have ready access to the world wide web and to have substantial experience in data access 
using the internet. 

Thus, the major advantage of the internet is its universality. Nearly anyone, 
anywhere can become a user. That means that virtually all persons are potentially 
internet users without the need for specialized framing and/or proprietary hardware and 



software. One can readily see that providing access to a proprietary data base 
management system, such as Classic MAPPER, through the internet would yield an 
extremely inexpensive and universally available means for accessing the data which it 
contains and such access would be without the need for considerable specialized training. 

There are two basic problems with permitting internet access to a proprietary data 
base. The first is a matter of security. Because the internet is basically a means to 
publish information, great care must be taken to avoid intentional or inadvertent access to 
certain data by unauthorized internet users. In practice this is substantially complicated 
by the need to provide various levels of authorization to internet users to take full 
advantage of the technique. For example, one might have a first level involving no 
special security features available to any internet user. A second level might be for 
specific customers, whereas a third level might be authorized only for employees. One or 
more fourth levels of security might be available for officers or others having specialized 
data access needs. 

Existing data base managers have security systems, of course. However, because 
of the physical security with a proprietary system, a certain degree of security is inherent 
in the limited access. On the other hand, access via the internet is virtually unlimited 
which makes the security issue much more acute. 

Current day security systems involving the world wide web involve the 
presentation of a user-id. Typically, this user-id either provides access or denies access in 
a binary fashion. To offer multiple levels of secure access using these techniques would 
be extraordinarily expensive and require the duplication of entire databases and or 



substantial poiiions theieoL in general, the advantages of utilizing the world wide web 
in this fashion to access a proprietary data base are direciiy dependent upon the accuracy 
and piecision of the secuiity system involved. 

The second majoi pioblem is imposed by the internet piotocol itself. One of the 
5 chaiacteiisiics of the inteinet which makes it so uiiiveisal is that any single iiansaciion m 
HTML language combines a single transfer (or request) from a user coupled wiih a 
single lesponsc fiom the internet seivei. In geneial, theie is no means foi linking 
multiple Liansfcis (oi lequests) and multiple iesponses. in this mannei, the internet 
utilizes a uansactioii model which may be lefcncd to as "stateless'. Tins limitation 
10 ensures thai the internet, its users, and its seivers remain suwcienuy muepeuueni uunng 
opeiaiion tiiat no one entity oi giuup of entities can unduly delay oi "hang-up" the 
communications system oi any of its majoi components. Each tiansuiissions lesuits in a 
icniiiiiaiioii of the tiaiisactioii. Thus, iiicie is no genciai puipoSe meaiiS to link data 
from one internet iiansaciion to another, even though in ceriaiu specialized applications 
15 limited amounts of data may be coupled using "cookies" oi via attaching data io a 
specific HTML scieeu. 

Kowcvei, some of the most powciful data base management functions oi sei vices 
of necessity reiy on coupling data from one transaction to anoiher in dialog fashion. In 
fact this linking is of the essence of Mappei Runs which assume change of state fiom 
20 one command language statement to the nexi. Tiue statelessness fiom a Gist Mappei 
COuiHianu to Hie next Oi Subsequent Mappei COniiuanu would picCiude inuCii of the 

power of Classic MAPPER (or any other modern data base management system) as a 



daia base management tool ami would eliminate data base managemeui as we now know 
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The piesent invention oveicomes the disadvantages of the piioi ait by pioviding a 
method of mid appaiatus foi utilizing the powei of a full featuied daia base management 
System by a uSCi at a tcimiiial Coupled to the vvond wide web oi internet. Iii oidet to 
permit any such access, the present invention must first pioviue a user interface, called a 
gateway, which tiansiates tiausaciion data tiansfciied fiom the usei ovei the internet in 
HTML foimai into a foimat fiom which data base management system commands and 
inputs may be geiiefatcd. The gateway uiuSt also couvejt the data base uiauagcmeut 
system responses and outputs into an HTML document for display on the user's internet 
teiminaL Thus, as a minimum, the gateway must make these foimat and pioiocoi 
couveisions* In the piefened embodiment, the gateway lesides in the web seivei 
Coupled to the uSct via the wOnd wide web and Coupled to piopiietaiy data base 
m ail ag£ Hl£ Tit SyStcixl. 

To make access* to a piopiietaiy data base by internet uscis piacticai, a 
sophisticated secuiity system is lequiied to pievent intentional oi iuadveitent 
urtautiioMzed access to die sensitive data of an oigauizatioii. As discussed above, such a 
secuiity system should provide multiple levels of access io accommodate a varieiy of 
auihoiized usei categoiies. In the piefened embodiment of the pieseut invention, lathei 
man ueirmng seveiaj leveis or uata eiassmcauon, ine uiueient classes oi useis aie 
managed by identifying a secuiity piofile as a portion of those service lequestS iequiiing 
access io secure data. Tims, the security profile accompanies ihe data/service to be 



acceded- The user simply need provide a usei-id which corieiaies io the access 
peimiited. This permits certain levels of data to be accessed by one or more of ihe 
sevexai classes of usei* 

In ihe piefened mode of practicing ihe pieseni invention, each usei-id is 
5 COiielaied with a secuiity piOnie. Upon piepaiauon of the seivice tequesi which 

provides iniernei access to a given portion of ihe data base, ihe service requesi developer 
specifies which secuiity piofiles aie peiniiiied access to ihe daia 01 a portion thereof. 
The seivice lequesi deveiopei can subsequently modify the accessibility of any secuiity 
profile. The utility of the system is greatly enhanced by permitting the service requesi 

10 developer io provide access to predefined poriions of the data, rather ihan being limited 
to permit 01 deny access to all of ihe daia involved. 

Whereas the gateway and the secuiity system are ihe minimum necessary to 
permit the most rudimentary form of communication between the inieiriei tcnniual of 
ihe usei and the proprietary data base management system, as explained above, the 

15 internet is a "stateless ' communication system; ihe addition of the gateway and the 

security system do not change this statelessness. To unleash the teal powei of the data 
base management system, the communication pioiocoi between the data base arid the 
user requires functional interaction between the various daia transfers. 

The present invention adds state management io this environment. Instead of 

20 consideiing each tiansfei uom the internet usei coupled with the corresponding seivei 

icsponse as an isolated transaction event as defined by the world wide web, oiie Oi iiiOic 
related service requests may be functionally associated in a seivice requesi sequence as 
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defined by die data base management system into a dialog. 

A repository is established to stoie the slate of the seivice request sequence. As 
such, the lepositoiy can stoie intemicdiaie lequesis and icsponses, as well as oihei data 
associateu witn tne seivice xequest sequence, rnus, tne lepositoiy uuiieis conimanus, 
data, and iuteiinediate pioductS utilized in lOiniatiiiig subsequent data base management 
service requests and in formatting subsequent HTML pages to be displayed to the user. 

The iiansaction data in HTML foimai received by the seivei from the usei, along 
with the slate iiifoimation stoied in the lepositoiy, aie pioccssed by a seivice handiei 
hi to a sequence of seivice icqueSts iii the command language of the data base 
management system. Sequencing and control of the data base management system is via 
an administration module. 

Through the use of the repository to store the state of the seivice request 
sequence, the service handler to generate data base management command language, 
and the administration module , the world wide web user is capable of performing each 
and every data base management function available to any user, including a user from a 
pioprietaiy terminal having a dedicated communication rink which is co-located with the 
proprietary data base management system hardware and software. In addition, the data 
base management system user at the world wide web terminal is able to accomplish this 
in the HTML protocol, without extensive training concerning the command language of 
the data base management system. 
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BRIEF DESCRIFTiv/m w inr, uRAni^uo 

Gthei objects of the picsent invention and many of the attendant advantages of 
the pieseut invention will be leadily appieciated as the same becomes bettci undeistood 
5 by lcfeiciice to the following detailed description when COiisidcieu iii connection with the 
accompanying drawings, in which like reference numerals designate iike parts throughout 
the figuies theieof and wheiein: 

FIG. 1 is pictOgiaphic view of the Cool ICE System Coupled between a uSei On the 
woiid wide web and an existing piopiietaiy data base management system; 
10 Fig. 2 is a schematic di awing showing the Opciaiion of a multi-level security 

system in accoidance with the pxefened embodiment of the piesent invention; 

Fig. 3 is a pictogiaphic view of the haidwaie of the ptefeued embodiment, 
Fig. 4 is a semi-schematic diagiam of the opeiation of the Cool ICE system; 
Fig. 5 is an oveiali schematic view of the softwaie of the Cool ICE system; 
15 Fig. 6 is a schematic view of a seivice request; 

Fig. 7 shows a schematic view of a service iequcst sequence, 
Fig. S is a diagiammatic compaiison between a dialog-based stiuctuie and a 
service-based structure; 

Fig. 9 is a detailed diagiam of the stoiagc and utilization of state infoimatiou 
20 within the repository; 

Fig. 10 is a detailed diagiam showing secuiity pioffie veiification duiing a seivice 

request; 

lr 



Fig. il is a schematic diagram showing access to a given data base using diffeient 
secuiity piofiles; 

Fig. 12 is a view of the initial Cooi ICE Administration window; and 
Fig. 13 is a view of the window piovidiiig 101 definition and modification of data 
access by secuiity piofile* 



DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS 



The piesent invention is desciibed in accoidancc with seveiai piefened 
embodiments which aie to be viewed as illuSuative without being limiting. These Seveiai 
preferred embodiments are based upon Series 2200 haidware and operating systems, the 
Classic MAPPER data base management system, and the Cool ICE softwaie 
components, all available fiom Unisys Coipoiaiion. 

Fig- I is an overall pictographic lepresentation of a system 10 permitting access to 
a piopiietaiy data base management system via an internet teiminai. Existing data bases 
aiid applications 12 lepieseiitS COiiimeicialiy available haidwaie aiiu softwaie Systems 
which typically provide select users with access to proprietary data and data base 
management functions. In the piefened embodiment, existing data bases and 
applications 12 lepiesents Seiies 2200 haidwaic and opeiating system containing one oi 
iiiOie data bases piepaied using Classic MAPPER data base management System, all 
available from Unisys Corporation. Historically, existing daia bases and applications 12 
could only be accessed fiom a dedicated, diiect temhnal link, eithei physically co-located 
with the oihei system elements oi connected theieto via a secuied dedicated telephonic, 
satellite, or fiber optic link. 

With the preferred mode of the present invention, communication between new 
web application tciminai 14 and existing data bases and applications 12 is facilitated. As 
discussed above, this pemiits neaily univeisai access by useis woild wide without 

-t >•> 
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specialized naiuwaie anu/or user naming, ine usei eneeis tne access using sianuaruizeu 
HTML transaction language through worid wide web link 16 to ihe Cool ICE system 20, 
which selves as a woiid wide web scivei lo woild wide web link 16. 

Cool ICE system 20 appeals to existing data bases and applications 12 as a data 
base management System piOpiictaiy usei tciiiiiiial Ovci dedicated liiik 18. Oftentimes, 
dedicaied link IS is an intranet or other localized network link. Cooi ICE system 20 is 
cuiicntly available in commeicial roim without the piesent invention as Cool ICE 
Revision Level LI bom Unisys Coipoiatiou. 
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rig. l is a uasic scnematic uiagiam ui sccunty system ol tne pieicncu mouc or 
the present invention. By way of CAaiiipIc, there arc four catcgoiics of service defined, 
each with its own functionality and poition of the data base. Service A 36 contains data 
5 and functions which should only be made available to customers. Seivice B 38 contains 
data and functions which should only be made available to custonieis oi employees. 
Service C 40 Contains data and functions which should Only be made available to 
employees, and Service D 42, containing the least restrictive data and functions may be 
made available to anyone, including the geneial public. 
yiO in a typical application, Scivicc D 42 might contain the geneial home page 

information of the enterprise. It will consist of Only the most public of information. It is 
U\ likely to include the name, address, e-mail addiess, and phone number of the enterprise, 

yji along with the most public of the business details. Usually, Seivice D 42 would include 

H means of presenting die information in a sufficiently interesting way to entice the most 

E3f5 casual of the public uSei to make further iriquiiy and thus become liiOie involved with 
S die objectives of the enterprise. Service D 42 represents the lowest level of security with 

data and functions available to all. 

Seivice C 40 is potentially the highest level of classification. It contains data and 
functions which caii be made available only to employees. Iii actual piaCtice, this might 
20 entail a number of sub levels corresponding to the various levels or authority of the 
vaiious employees. Howevei, some services may be so sensitive that the enteipiise 
decides not to piovidc any access via the internet. This might include such things as 



strategic planning data and Look, advanced financial piedictions, specific information 
regarding individual employees, marketing plans, etc. Tiie penally for this exirenie 
secuiity mcasuie is thai even aulhoiized individuals aie prohibited fiom accessing these 
seivices via the internet, and they must take the tiouble to achieve access via an oid- 



^0 roi customer access only is Service A 36. Une would expect marKetmg 

infoimation, along with specific account information, to be available here. 

These four service levels (i.e., Sendee A 36, Service B 38, Service C 40, and 
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fashioned dedicated link. 



Customers and employees may shaie access to Seivice B 38. Nevertheless, these 
data and functions aie sufficiently sensitive that they aie not made public. Seivice B 38 
likely piovides access to pioducl specifications, deliveiy schedules and quantities, and 
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Service D 42) are regulated in accordance wrtn niree secumy premies, me lowest levei 
of security does not require a security profile, because any member of the genera} public 
may be gi anted access. This can be readily seen as guest category 28 (e.g., a member of 
S the public) can directly access Service D 42. Of course, all other categories of riser may 

also directly access Service D 42, because all members of the more restrictive categories 
(e.g., customers and employees) are also members of the general public (i.e., the least 
restrictive category). 

20 Security Piofile #1, 30 permits access to Service A 36 if and only if the requestor 

seeking access is a customer and therefore a member of customer category 24. Members 
of customer category 24 need to identify themselves with a customer identification code 
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in older to gain access. The assigning and processing of such identification codes are 
weli known to those of skill in the art. 

Similarly, Security Profile #3, 34 permits access to Service C 40 if and only if the 
requestor seeking access is an empioyee and therefoie a member of employee category 
26. Security Profile #2, 32 permits access to Service B 38 to requestors from either 
customer category 24 or employee category 26, upon receipt of a customer identification 
code or an employee identification code. A more detailed description of the security 
system of the preferred mode of the present invention is found below. 
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Fig. 3 is a pictorial diagiam of haidwaie suite 44 of the piefened embodiment of 
the present invention. The client interfaces with the system via internet terminal 46. 
Preferably, internet terminal 46 is an industry compatible, personalized computer having 
a current version of the Windows operating system and suitable web browser, all being 
readily available commercial pioducts. Internet terminal 46 communicates ovei woild 
wide web access 48 using standardized HTML protocol. 

The Cool ICE system is resident in web sewer 50, which is coupled to internet 
terminal 46 via world wide web access 48. In the preferred mode, web server 50 is 
owned and operated by the enteiprise owning and controlling the pioprietary data base 
management system. Web server 50 may serve as the internet access provider for 
internet leiminai 46 wherein world wide web access 48 is typically a dial-up telephone 
line. This would ordinarily be the case if the shown client were an employee of the 
enteipiise. On the other hand, web server 50 may be a remote server site on the 
15 internet if the shown client has a different internet access provider. This would 
ordinarily occur if the shown ciieni were a customer or guest. 

In addition to being coupled to world wide web access 48, web server 50, 
containing the Cool ICE system, is coupled to intranet 52 of the enterprise as shown. 
Intranet 52 provides the enterprise with communication for its internal business 
20 purposes. This communication is administered and managed by enterprise server 54 

having enterprise server storage facility 56. Thus, employees and others granted access 
may communicate via intranet 52 within the physical security provided by the enterprise. 
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Also coupled to intranet 52 is departmental servei 58 having departmental servei 
storage facility 60. Additional departmental seivers (not shown) may be coupled to 
intranet 52. The enterprise data and enterprise data base management service 
functionality typically resides within enterprise server 54, departmental server 58, and any 
other departmental servers (not shown). Normal operation in accordance with the prior 
art would piovide access to this data and data base management functionality via intranet 
52 to users directly coupled to intranet 52. 

In the preferred mode of the present invention, access to this data and data base 
management functionality is also provided to users (e.g., internet terminal 46) not 
directly coupled to intranet 52, but indirectly coupled to intranet 52 via web server 50. 
As explained below in more detail, web server 50 provides this access utilizing the Cool 
ICE system resident in web server 50. 



Fig. 4 is pictograpkic view of the system of Fig. 3 with particular detail showing 
the organization and operation of the Cool ICE system 62, which is resident in the web 
server (see also Fig. 3). In this view, the client accesses the data base management 
system within the enterprise via internet terminal 54 which is coupled to the web server 
68 by world wide web path 66. Again, the internet terminal 54 is preferably an industiy 
standard computer utilizing a commercially available web browser. 

The basic request/response format of the Cool ICE system involves a "service" 
(defined in greater detail below) which is an object of the Cool ICE system. The service 
is a predefined operation or related sequence of operations which provide the client with 
a desired static or dynamic result. The services are categorized by the language in which 
they were developed. Whereas all services are developed with client-side scripting which 
is compatible with internet terminal 54 (e.g., HTML), the server-side scripting defines 
the service category. Native services utilize Cool ICE script for all server-side scripting. 
On the other hand, open services may have server-side scripting in a variety of common 
commercial languages including Jscript, VBScript, ActiveX controls, and HTML. 
Because native services are developed in the Cool ICE language, greater development 
flexibility and variety are available with this technique. 

Web server 68 provides open server processor 70 for Active Server Pages (ASP's) 
which have been developed as open services and Default ASP processor 72 for native 
services. After the appropriate decoding (i.e., native or open service), a call to the 
corresponding Cool ICE object 74 is initiated as shown. The selected object is processed 
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by Cool ICE engine 76. 

Repository 80 is a storage resource for long term storage of the Cool ICE objects 
and short term storage of the state of a particular service. Further details concerning 
repository 80 may be found by consulting the above referenced, commonly-assigned, co- 
5 pending U.S. Patent Application. In the preferred mode of the present invention, the 
objects stored in repository 80 are typically very similar to mapper runs as described 
above. For a more detailed description of mapper runs, Classic MAPPER User Manual 
is available from Unisys Corporation and incorporated herein by reference. In the more 
general case, repository 80 would typically store predefined sequences of statements in 
£§0 the command language of the enterprise data base management system(s) to be accessed. 
!z Cool ICE engine 76 sequences these previously stored command statements and 

ffi uses them to communicate via intranet 84 with the data base management system(s) 
jrj (e.g., Classic Mapper) resident on enterprise server 86 and departmental server 88. The 
H short term storage capability of repository 80 is utilized by Cool ICE engine 76 to store 
CL5 the state and intermediate products of each service until the processing sequence has 
been completed. Following completion, Cool ICE engine 76 retrieves the intermediate 
products from repository 80 and formats the output response to the client, which is 
transferred to internet terminal 54 via web server 68 and world wide web path 66. 

Cool ICE Administrator 82 is available for coordination of the operation of Cool 
20 ICE system 62 and thus can resolve conflicts, set run-time priorities, deal with security 
issues, and serve as a developmental resource. Graphing engine 78 is available to 
efficiently provide graphical representations of data to be a part of the response of a 
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service. This tends to be a particularly useful utility, because many of the existing data 
base management systems have relatively sparse resources for graphical presentation of 
data. 

The combination of Cool ICE engine 76 and repositoiy SO permits a rather 
simplistic service request from internet teiminal 54 in dialog foimat to initiate a rather 
complex series of data base management system functions. In doing so, Cool ICE engine 
76 emulates an inuaiiet user of the data base management sysiem(s) iesident on 
eiiierpiise server 86 and/or departmental seivei 88. This emulation is only made 
possible, because repository 80 stores sequences of command language statements (i.e., 
the logic of the service request) and intermediate products (i.e., the state of the service 
iequesi). It is these functions which aie not available in ordinary dialog on the woild 
wide web and aie thexefore not even defined in that enviionment. 
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Fig. 5 is a schematic diagiam 90 of the software components of the Cool ICE 
system and the softwaje components to which it interfaces in the preferred mode of the 
present invention. The client user of the Cool ICE system interfaces directly with web 

5 browser 92 which is resident on internet terminal 54 (see also Fig. 4). Web browser 92 is 
a commercially available browser operating under a current version of the Windows 
operating system (e.g., Windows 95). The only special requirement of web browser 92 is 
that it be capable of supporting frames. 

Web browser 92 communicates with web server software 96 via internet standard 

10 protocol using HTML language using world wide web path 94. Web server software 96 
is also commercially available software, which is, of course, appropriate for to the web 
server host hardware configuration. In the preferred mode of the present invention, web 
server software 96 is hosted on a Series 2200 mainframe available from Unisys 
Corporation, from which web server software 96 is readily available. 

15 Cool ICE system software 98 consists of Cool ICE Gateway 100, Cool ICE service 

handler 102, Cool ICE administration 104, Cool ICE repository 106, and Cool ICE 
scripting 108. It is these five software modules which interface to web seiver software 96 
in HTML using a dialog format and interface to data base management system 
interconnect 110 in the command language of the enterprise data base management 

20 system(s) (i.e., Classic MAPPER in the preferred mode of the present invention). 

Cool ICE gateway 100 is the interface between standard, commercially available, 
web server software 96 and the internal Cool ICE system language and logic. As such, 
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Cool ICE gateway 100 translates the dialog format, incoming HTML service request into 
internal Cool ICE language, and protocol. Intrinsic in this translation is a determination 
of the service category (see also Fig. 4) -- that is whether the service request is a native 
service (i.e., with Cool ICE server-side scripting) or an open service (i.e., with server-side 
5 scripting in another commercial language). 

The service request, received from Cool ICE gateway 100, is utilized by Cool ICE 
service handler 102 to request the corresponding object from Cool ICE repository 106 
and to open temporary state storage using Cool ICE repository 106. Cool ICE scripting 
108 is called to translate the server-side scripting of an open service request as necessary. 
10 Cool ICE service handler 102 sequences through the command language statements of 

the object received from Cool ICE repository 106 and forwards each command in turn to 
data base management system software 114 for accessing of the enterprise proprietary 
data base management system. Cool ICE service handler 102 receives each of the 
intermediate products from data base management system software 114 and transfers 
15 each to Cool ICE repository 106 for temporary storage until completion of the service 
request. Cool ICE service handler 102 retrieves the intermediate products from Cool 
ICE repository 106 upon completion of the service request and formulates the Cool ICE 
response for transfer to browser 92 via web server software 96 and world wide web path 
94. 

20 Cool ICE administration 104 implements automatic and manual control of the 

process. It provides for record keeping, for resolution of certain security issues, and for 
development of further Cool ICE objects. Interconnect 110 and interconnect 112 are 
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software interface modules for communicating over the enterprise intranet (see also Fig. 
4). These modules are dependent upon the remaining proprietary hardware and 
software elements coupled to the enterprise intranet system. In the preferred mode of 
the present invention, these are commercially available from Unisys Corporation. 
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Fig. 6 is a schematic diagram 116 showing the processing of a service request by 
the Cool ICE system. Screen 118 is the view as seen by the client or user at an internet 
terminal (see also Fig,. 4). This screen is produced by the commercially available 
browser 120 selected by the user. Any such industry standard browser is suitable, if it 
has the capability to handle frames. The language of screen 118 is HTML 124. 
Hyperlinks 126 is used in locating the URL of the Cool ICE resident server. The 
components of the URL are as follows. In many instances, this will simply be the 
internet access provider of the internet terminal, as when the internet terminal is owned 
by the enterprise and the user is an employee. However, when the user is not an 
employee and the internet terminal is not necessarily owned by the enterprise, it 
becomes more likely that hyperlinks 126 identifies a remotely located server. 

Icon 122 is a means of expressly identifying a particular service request. Such use 
of an icon is deemed to be unique. Additional detail concerning this use of an icon is 
available in the above identified, commonly assigned, co-pending U.S. Patent application. 
Window area 128 provides for the entry of any necessary or helpful input parameters. 
Not shown are possible prompts for entry of this data, which may be defined at the time 
of service request development. Submit button provides the user with a convenient 
means to transmit the service request to the web server in which the Cool ICE system is 
resident* 

Upon "clicking on" submit button 130, screen 118 is transmitted to web server 136 
via world wide web path 132. As discussed above, world wide web path 132 may be a 
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telephonic diai-up of web server 136 or it might be a iong and complex path along the 
internet if web server 136 is remote from the originating internet terminal. Web server 
136 is the software which performs the retrieval of screen 118 from world wide web path 
132. 

5 Screen 118 is tiansfened from web server 136 to Cool ICE gateway 138, wherein 

it is converted to the internal Cool ICE protocol and language. A browser input file is 
opened at storage resource 146 via path 140. Tnus the initial service request can be 
accessed from storage resource 146 during processing up until the final result is 
transferred back to the user. This access readily permits multi-step and iterative service 

10 request processing, even though the service request was transferred as a single internet 
dialog element. This storage technique also provides initially received input parameters 
to later steps in the processing of the service request. 

Cool ICE gateway 138 notifies Cool ICE service handier 156 that a service 
request has been received and logged in. The service request itself is utilized by Cool 

15 ICE service handler 156 to retrieve a previously stored sequence of data base 

management system command statements from repository 166. Thus, in the general 
case, a single service request will result in the execution of a number of ordered data 
base management system commands. The exact sequence of these commands is defined 
by the service request developer as explained in more detail below. 

20 Service input parameters 170 is prepared from the service request itself and from 

the command sequence stored in repository 166 as shown by path 164. This list of input 
parameters is actually stored in a dedicated portion of repository 166 awaiting processing 
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of the service request. 

Each command statement from repository 166 identified with the service request 
is sequentially presented to Cool ICE service 168 for processing via path 160. The 
corresponding input parameter from service input parameters 170 is coupled with each 
5 command statement via path 176 to produce an appropriate query of the enterprise data 
base management system at Cooi ICE service 168. After the enterprise data base 
management system has responded to a given query, the intermediate products are 
stored as entries in HTML document 172 which is also stored in a dedicated portion of 
repository 166. 

10 After all command statements corresponding to the service request have been 

processed by the enterprise data base management system and HTML document 172 has 
been completed, the result is provided via path 156 to Cool ICE service handler 156 for 
temporary storage as a browser output file in storage resource 154 via path 152. Cool 
ICE gateway 138 receives the browser output file via path 148. The response is 

15 converted to HTML protocol and transferred by web server 136 and world wide web 
path 134 to be presented to the user as a modified screen (not shown). 
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Fig. 7 is a pictographic drawing 178 of the development process for creating a 
Cool ICE service. HTML document 180 is created utilizing any commercially available 
standard HTML authoring tool (e.g., Microsoft FrontPage). The resulting HTML 
document 180 is stored as a normal .HTM file. This file will be utilized as a template of 
the service to be developed. 

The authoring process moves along path 182 to invoke the administration module 
of the Cool ICE system at element 184. The new dynamic service is created using 
HTML document 180 stored as a normal .HTM file as a template. As HTML document 
180 is imported into Cool ICE, sequences of script for the beginning and end of the 
HTML code are automatically appended to the service. Required images, if any, are 
also uploaded onto the web server (see also Figs. 5 and 6). The service is edited by 
inserting additional Cool ICE script, as required. A more detailed description of the 
editing process may be found in Cool ICE User's Guide, Revision 1.1, available from 
Unisys Corporation and incorporated herein by reference. 

The completed service script is transferred along path 186 to element 188 for 
storage. The service is stored as an object in the repository (see also Figs. 5 and 6). 
Storage is effected within the appropriate category 190 as discussed above, along with 
services 192, 194, and 196 within the same category. 

The process proceeds along path 198 to element 200 for testing. To perform the 
testing, the URL for the newly created service is entered into the browser of the internet 
terminal, if known. The typical URL is as follows: 
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http://inachine-iiaiiie/iCEGate/Categoiy/Sei*vice 
If the URL for the new service is not known, a list of the available services may be 
determined from the Cool ICE system by specifying the Cool ICE URL as follows: 

http;://machine-name/ICEGate 

This call will result in a presentation of a menu containing the defined categories. 
Selecting a category from the list will result in a menu for the services defined within 
that category. The desired service can thus be selected for testing. Selection of the 
service by either means will result in presentation of the HTML page as shown at 
element 200. 

The process proceeds to element 204 via path 202, wherein the HTML page may 
be enhanced. This is accomplished by exporting the HTML document from the Cool 
ICE administration module to a directory for modification. By proceeding back to 
HTML document 180 via path 208, the exported HTML template is available for 
modification using a standard HTML authoring tool. After satisfactory completion, the 
finished HTML document is saved for future use. 
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Fig. 8 is a diagram showing a comparison between dialog-based structure 210 and 
service-based structure 212. Dialog-based structure 210 is the norm for the typical 
existing proprietary data base management system (e.g., Classic MAPPER). The user, 
normally sitting at a dedicated user terminal, transfers output screen 214 to the data base 
management system to request a service. The user terminal and its normally dedicated 
link are suspended at element 216 to permit transfer and operation of the data base 
management system. The input is validated at element 218, while the user terminal and 
its normally dedicated link remains suspended. 

The data base management system processes the service request at element 220 
while the user terminal remains suspended. Output occurs at element 222 thereby 
releasing the suspension of the user terminal. Thus, a true dialog is effected, because 
one part of the dialog pair (i.e., the user terminal) is suspended awaiting response from 
the data base management system. This type of dialog is best accomplished in an 
environment wherein at least the user terminal (or data base management system) is 
dedicated to the dialog, along with the link between user terminal and data base 
management system. 

Service-based structure 212 illustrates on of the basic constraints of the world 
wide web protocol. To ensure that each of the elements on the world wide web are 
sufficiently independent to prevent one element from unduly delaying or "hanging-up" 
another element to which it is coupled awaiting a response, the communication protocol 
forces a termination after each transmission. As can be readily seen, even the simplest 
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dialog requires at least separate and independent transactions or services. The first 
service, Service 224, involves the transmissions of output form 228 from the internet user 
terminal. This transmission is immediately and automatically followed by termination 
230 to ensure independence of the sender and receiver. 

The second service, Service 226, enables the receiver of output form 228 to 
process the request and output an appropriate response. The validation of the input at 
element 232, processing 234, and output 236 all occur within the receiver of output form 
228. Immediately and automatically, termination 238 follows. Thus, if internet 
transactions are to be linked into a true dialog to permit data base management 
functions, the state must be saved from one service to the next as taught herein. 

In the preferred mode of the present invention, the state of a service is saved in 
the repository (see also Figs. 4 and 5) for use in the next or subsequent services. 
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Fig. 9 is a schematic diagram 240 of the preferred mode of the present invention 
showing normal data flow during operation, with special attention to the state saving 
feature. Work station 242 is an industry compatible personal computer operating under 
5 a commonly available operating system such as Windows 95. Browser 244 is a standard, 
commercially available web browser having frames capability. Path 248 is the normal 
world wide web path between work station 242 and web server 254 for the transfer of 
service requests and input data. These transfers are converted by Cool ICE gateway 256 
as explained above and sent to Cool ICE service handler 258 via path 266 for 
10 disposition., 

The service request for data and/or another function is converted into the data 
base management language by reference to the service definition portion of repository 
262 through reference along path 276. The actual command language of the data base 
management system is utilized over path 286 to access data base 264. The resultant data 

15 from data base 264 is transferred to Cool ICE administrator 290 via path 288. State 

manager 260 determines whether the original service request requires additional queries 
to data base 264 for completion of the dialog. If yes, the resultant data just received 
from data base 264 is transferred via path 284 to repository 262 for temporary storage, 
and the next query is initiated over path 286, and the process is repeated. This is the 

20 state saving pathway which is required to provide the user of the Cool ICE system to 
function in a dialog form over the world wide web. 

Upon receipt of the resultant data from the final query of data base 264, state 
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manager 260 determines that the service request is now complete. State manager 260 
notifies repository 262 via path 280, and the intermediate products are retrieved from 
temporary storage in repository 262 via path 278 and supplied to Cool ICE service 
handler 258 via path 272 for formatting. State manager 260 then clears the intermediate 
products from temporary storage in repository 262 via path 282. The final response to 
the service request is sent to Cool ICE gateway 256 via path 270 for translation and to 
browser 244 via path 250. 
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Fig, 10 is a detailed diagram 300 showing operation of the security system during 
the honoring of a service request. The user, operating industry compatible, personalized 
computer, workstation 302, formats a seivice requests via commercially available web 
browser 304. In the preferred mode of the present invention, this is accomplished by 
making a call to the Cool ICE system. The user simply requests access to the Cool ICE 
home page by transferring web browser 304 to the URL of Cool ICE system. After the 
Cool ICE home page has been accessed, one of the buttons is clicked requesting a 
previously defined service request. For additional detail on the service request 
development process, see above and the above referenced commonly assigned, co- 
pending U.S. Patent Applications. 

The service request is transferred to web server 314 via world wide web path 306. 
The service request is received by Cool ICE gateway 322 and translated for use within 
the Cool ICE system. The request is referred to service handler 332 via path 324. In 
the preferred mode of practicing the present invention, service handler 332 is basically 
equivalent to the Classic MAPPER data base management system. The service request 
is passed to Cool ICE administration 344 via path 334 for retrieval of the command 
language script which describes the activities required of the data base management 
system to respond to the service request. 

Cool ICE administration 344 makes an access request of Cool ICE service portion 
340 of repository 342 via path 338. It is within Cool ICE service portion 340 of 
repository 342 that the command language script corresponding to the service request is 
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stored. The command language script is obtained and transferred via path 336 to service 
handier 332 for execution. Along with the command language script, a security profile, if 
any, is stored for the service request. As explained in the above referenced, commonly 
assigned, co-pending U.S. Patent Application, the security profile, if required, is added to 
5 the command language script file at the time of service request development by the 

service request developer. This security profile identifies which of the potential service 
requestors may actually be provided with a complete response. The security profile, if 
any, is similarly transferred to service handler 332 via path 336. 

If no security profile has been identified for the service request, service handler 
%0 332 executes the command language script received via path 336 through access of 
S remote database 316 via paths 318 and 320, as required. The response is transferred to 
j*j Cool ICE gateway 322 via path 328 for conversion and transfer to workstation 302 via 
m world wide web path 310. 

H However, if a security profile has been identified for the service request, service 

Qi5 handler 322 requests the user to provide a user-id via path 330, Cool ICE gateway 322, 
1 and world wide web path 312. Service handler 332 awaits a response via world wide web 
path 308, Cool ICE gateway 322, and path 326. Service handler 332 compares the user- 
id received to the security profile stored with the command language script. If the user 
matches the security profile, access is granted and service handler 322 proceeds as 
20 described above. If the user does not match with the stored security profile, the service 
request is not executed and the user is notified via diagnostic message. 
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Fig, 11 is a schematic diagram 350 showing access by users with different security 
profiles to different portions of the same data base 352. In this example, the user 

*• *j * * * 1 s\r-rr% 1 * 1 1*1*1 ' ' f" j! 

operating miernei terminal nas a user-m wmcn laenimes me user as a manager 
5 within the human resources department of the subject enterprise. The human resources 
department is located at a facility of the enterprise which does not contain the hardware 
or softwaie to be utilized in accessing the data base. Similarly, the user of iniemei 
terminal 382 is a manager within the accounts payable department of the enterprise who 
is located in yet another facility. The user of internet terminal 380 is a receptionist at 
^30 one of the manufacturing plants of the enterprise. 

?£ s Data base 352 is a data base piepared and maintained by the human resources 

hj department of the enterprise. As such, it contains information concerning employees or 

'4 : me emerpnse navmg very airrerem leveis oi sensravity. r urcnermore, access xo some oi 

h ~ the information concerning enterprise employees is regulated by federal and state law. 

^15 By way of example and not to be viewed as limiting of the present invention, data 

S base 352 contains six (6) separate data tables. Phone #'s 354 is a data table having the 

telephone numbers of the employees of the enterprise. Entry 366 is a record containing 
the telephone number of a particular one of the employees of the enterprise. Authority 
356 is a data table showing the dollar level of authority of each of the employees to 
20 commit the enterprise to financial obligations (e.g., purchasing). Record 368 is the dollar 
level of authority of a particular one of the employees of the enterprise. 

Compensation 358 is a data table showing the annual compensation levels of each 
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of the employees of the enterprise. Entry 370 shows the current salary of a particular 
employee of the enterprise. Supervisor 360 is a data table listing the immediate 
supervisor of each employee of the enterprise. Data table Coinp. History 362 provides 
the compensation history of each employee during the period of employment at the 
5 enterprise. Entry 374 is record of the compensation histoiy of a given employee. Job 
Title 364 is a data table listing the job title of each employee. The job title of a given 
employee is found in sample record 376. 

The user-id of the operator of internet terminal 378 identifies her as a 
management level employee within the human resources department. In that capacity, 
310 she is charged within the enterprise with the creation and maintenance of data base 352. 
pi Therefore, as schematically shown, her user-id is correlated with a security profile giving 

=y her access to ail of the data within data base 352. Thus, she is permitted by the Cool 

in ICE system to read and modify any of the data within data base 352 via the world wide 

f* web. 

"315 In the current example, internet terminal 380 is also coupled via the world wide 

J5 web to data base 352. The user-id of the operator of internet terminal 380 identifies him 

as a receptionist within one of the manufacturing plants of the enterprise and provides 
him with a corresponding security profile. In this job position, it is unnecessary, unwise, 
and probably illegal to give him general access to all of the information within data base 
20 352. However, the receptionist does have a need to access the telephone numbers of the 
employees of the enterprise as necessary to the performance of his job. In the preferred 
mode of the present invention, he is provided with access to only a single data table, 
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Phone #'s 354, within data base 352. Because the preferred mode of the present 
invention can restrict his access to a single data table within data base 352, he is given 
appropriate, and only appropriate access, without the need to duplicate the information 
from Phone #'s 354 as a separate data base. Providing such duplication is not only 

5 wasteful, but it presents extraordinary data base maintenance problems to ensure the 
duplicate copies of a given table remain consistent. 

Internet terminal 382 is operated by a management level employee within the 
accounts payable department. As part of her job, she is charged with the task of 
verifying that another employee requesting issuance of a check of the enteiprise in 

10 payment of a debt of the enterprise, actually has been granted a dollar authority 
consistent with his request. Therefore, she has a need for access to the data table 
Authority 356. Record 368 of Authority 356 specifies the dollar level of authority of the 

requesting employee. 

However, the management level employee within the accounts payable 
15 department has no need for access to the remainder of the sensitive data within data 

base 352. Therefore, her user-id correlates with a security profile giving her access only 
to Authority 356 and no other data within data base 352. 
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Fig. 12 is a view of the highest level window 344 of Cool ICE Administration (see 
also above). It is the Cool ICE Administration module which is responsible for 
maintaining the security profiles of each service request and data element. Cool ICE 
Administration window 344, as identified by title 346, is directly available from the Cool 
ICE main menu. The Cool ICE main menu is displayed in response to a transfer to the 
Cool ICE URL (see also above). Security button 348 is provided for access to the 
security maintenance functions of the Cool ICE Administration module. ClicMng on 
security button 348 provides entiy to the security maintenance functions. 
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Fig. 13 is a view of security maintenance main window 360, which is reached by 
clicking on security button 348 (see also above). Of course, access to security 
maintenance main window 360 requires a user-id correlating with a security profile 
5 adequate to security profile maintenance. Title 362 identifies security maintenance main 
window 360, 

The user must access the security profile table of the service request and/or data 
base of interest using select button 378. In the present example, the manager from the 
human resources department is utilizing internet terminal 378 to maintain the view of the 
JSLO security definitions for data base 352 (see also Fig. 11), The interface hierarchy provides 
gj a list 386 of the tables within data base 352. Authority caption 388 is selected providing 

Ly access to the security profiles for Authority 356 (see also Fig. 11). 

HI The security profiles currently corresponding to Authority 356 are displayed in the 

[ A profile window. HR 380 shows that the human resources security profile is to be 

^ 15 provided access to table Authority 356 of data base 352. Similarly, A. Payable 382 shows 
that the accounts payable manager previously identified as the user of internet terminal 
382 is also to be provided access to Authority 356 of data base 352. Empty space 384 
shows that no other security profiles are currently to be provided access to Authority 
356. 

20 Button 368 enables an authorized user to add an additional security profile for 

access to Authority 356. Button 370 permits and authorized user to modify an existing 
security profile. Button 372 permits removal of a security profile. Button 374 establishes 
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reinheritance. Button 376 provides an authorized user with a report of the security 
profiles corresponding to a given data table. Button 366 permits the user to save a new 
or modified security profile allocation. The remaining buttons are deemed to be self 
explanatory. 



Having thus described the preferred embodiments of the present invention, those 
of skill in the art will be readily able to adapt the teachings found herein to yet other 
embodiments within the scope of the claims hereto attached. 

WE CLAIM: 
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1. In a data processing environment having a user terminal with a user-id for generating 
a service request for access to a first data table responsively coupled to a data base 
management system having at least one data base with at least one data table wherein 
said at least one data table includes said first data table, the improvement comprising: 
a security profile corresponding to said user-id whereby said data base 
management system permits said user terminal to access said first data table if and 
only if said security profile corresponds to access to said first data table, 

2. The improvement according to claim 1 wherein said at least one data table is a 
plurality of data tables and said security profile does not correspond to access of at least 
one of said plurality of data tables. 

3. The improvement according to claim 2 further comprising a second user terminal with 
a second user-id for generating a second service request for accessing a second one of 
said plurality of data tables wherein said second user terminal is prohibited from accessing 
said first data table. 

4. The improvement according to claim 3 further comprising a third user terminal with a 
third user-id for generating a third service request for accessing every one of said plurality 
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of data tables wherein said third user-id corresponds to a third security profile for 
accessing every one of said plurality of data tables. 

5. The improvement according to claim 4 wherein said data base management system is 
5 Classic MAPPER. 

6. An apparatus comprising: 

a. a user terminal having a user-id; 

b. a data base management system having access to a data base with a plurality of 
10 data tables responsiveiy coupled to said user terminal; and 

c. a security prome locaieu wiimn saiu uaia uase management system 
corresponding to said user-id wherein said data base management system provides 
access to a particular one of said plurality of data tables of said data base by said 
user terminal if and only if said user-id corresponds to said security profile. 

15 

7. The apparatus of claim 6 wherein said user terminal accesses said data table by 
transferring a service request to said data base management system. 

8. The apparatus of claim 7 wherein said data base management system accesses said 
20 data base using a command language script. 

9. The apparatus of claim 8 wherein said sendee request corresponds to said command 
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language script. 



10. The apparatus of claim 9 wherein said security profile corresponds to said command 
language script. 

5 

11. A method of utilizing a user terminal having a user-id to access a remote data base 
management system having a data base with a plurality of data tables comprising: 

a. transmitting a service request requiring access to a one of said plurality of 
data tables from said user terminal; 
10 b. receiving said service request by said remote data base management system; 

c. determining a security profile corresponding to said service request; 

d. comparing said security profile with said user-id; and 

e. honoring said service request if and only if said user-id corresponds to said 
security profile. 

15 

12. A method according to claim 11 wherein said transmitting step further comprises 
transmitting said user-id. 

13. A method according to claim 12 wherein said honoring step further comprises 
20 executing a command language script corresponding to said service request. 

14. A method according to claim 13 wherein said comparing step further comprises 
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accessing said security profile as corresponding to said command language script. 



15. A method according to claim 14 wherein said remote data base management system 
further comprises Classic MAPPER data base management system. 

5 

16. An apparatus comprising; 

a. means having a user-id for permitting a user to interact with a data table of a 
digital data base having a plurality of data tables using a service request; 

b. means responsively coupled to said permitting means for offering data processing 
210 services involving access to said data table to said user in response to said service 

gj request; 

y c. means responsively coupled to said offering means for preventing said offering 

111 means from said offering data processing services to said user in response to said 

service request unless said user-id corresponds to a security profile wherein said 
^ 15 security profile permits access to said data table. 

17. An apparatus according to claim 16 wherein said offering means further comprises 
means for storing command language script corresponding to said service request. 

20 18. An apparatus according to claim 17 wherein said storing means also stores said 
security profile. 
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19. An apparatus according to claim 18 wherein said offering means further comprises 
Classic MAPPER data base management system. 

20. An apparatus according to claim 19 wherein said permitting means further comprises 
an industry standard personal computer. 
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Aii apparatus for and method of utilizing an internet terminal coupled to the 
5 world wide web to access an existing proprietary data base management system having a 
dialog-based request format. The user request is received by a web server from the 
world wide web and converted into one or more sequenced data base management 
commands stored as corresponding to the service request. A security profile, if 
necessary, is also stored with the one or more sequenced data base management 
TdO commands based upon the specific data tables within the data base which must be 
m accessed to honor the service icquesL The security piofiie is compared to the usei-id of 

id ihe requestor. If a match is found, the data base management commands aie 

III sequentially presented to the data base management system and the intermediate 

f* products stored. After ail of the sequenced data base management commands have been 

^15 executed, the web server combines the intermediate products to form a complete 
2 response to the initial user request. Trie response is transferred to the user over the 

world wide web. If the user-id and security profile do not match, the service request is 
not executed and an error response is provided to the user. 
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COMBINED DECLARATION/POWER OF ATTORNEY FOR PATENT APPLICATION 

As a below named inventor, I hereby declare that: 

My residence, post office address and citizenship are as stated below next to my name. 

I believe that I am the original, first and sole inventor (if only one name is listed below) or an 
original, first and joint inventor (if plural names are listed below) of the subject matter which is 
claimed and for which a patent is sought on the invention entitle d COOL ICE TABLE PROFILING 
the specification of which (check one) 

XX is attached hereto 

was filed on 

as U.S. Application 

Serial No. 



and was amended on (if 

applicable) 

I hereby state that I have reviewed and understand the contents of the above-identified specification, 
including the claims, as amended by any amendment referred to above. 

I acknowledge the duty to disclose information which is material to the examination of this 
application in accordance with Title 37, Code of Federal Regulations, § 1.56(a). 

I hereby claim foreign priority benefit(s) under Title 35, United States Code §1 19 of any foreign 
applications) for patent or inventor's certificate listed below and have also identified below any 
foreign application(s) for patent or inventor's certificate having a filing date before that of the 
application on which priority is claimed: 

Priority 

Prior Foreign Applications) Claimed 



(Number) (Country) (Day/Month/Year Filed) YES NO 



(Number) (Country) (Day/Month/Year Filed) YES NO 



(Number) 



(Country) 



(Day/Month/Year Filed) 



YES NO 



I hereby claim the benefit under Title 35, United States Code, §120 of any United States 
application(s) listed below and, insofar as the subject matter of each of the claims of this application 
is not disclosed in the prior United States application in the manner provided by the first paragraph 
of Title 35, United States Code, §1 12, 1 acknowledge the duty to disclose material information as 
defined in Title 37, Code of Federal Regulations, § 1.56(a) which occurred between the filing date 
of the prior application and the national or PCT international filing date of this application: 



(Serial No.) (Filing Date) (Status) (patented, pending, abandoned) 



(Serial No.) (Filing Date) (Status) (patented, pending, abandoned) 



POWER OF ATTORNEY: As a named inventor, I hereby appoint the following attorney(s) and/or 
agent(s) to prosecute this application and transact all business in the Patent and Trademark Office 
connected therewith. 

John L. Rooney, Reg. No. 28,898 
Lawrence M. Nawrocki, Reg. No. 29,333 
Wayne A. Sivertson, Reg. No. 25,645 
Charles A. Johnson, Reg. No. 20,852 
Beth L. McMahon, Reg. No. P41,987 
Donald A. Jacobson, Reg. No. 22,308 

Send correspondence to: 

Charles A. Johnson 
UNISYS CORPORATION 
P.O. Box 64942 
MS 4772 

St. Paul, MN 55164 
(651)635-7702 

I hereby declare that all statements made herein of my own knowledge are true and that all 
statements made on information and belief are believed to be true; and further that these statements 
were made with the knowledge that willful false statements and the like so made are punishable by 
fine or imprisonment, or both, under Section 1001 of Title 18 of the United States Code and that 
such willful false statements may jeopardize the validity of the application or any patent issued 
thereon, I further declare that I understand the content of this declaration. 



Full name of sole or first inyentor Niels Gebauer ^ 

Inventor's Signature A_Vr &> rJb O^^^^ Date -9 JP 

Residence New South Wales. Australia Citizenship Danish 

Post Office Address 8/86 Milson Road. Cremorne. New South Wales. Australia 2090 

Full name of second inventor Seongho Bae 

Inventor's Signature ^^S^^>^- ^gk. Date ^Aof#f 

Residence New South Wales. Australia Citizenship Australian 

Post Office Address 62 Chelmsford Avenue. Epping. New South Wales. Australia 2121 

Full name of third inventor Julian C. Watts , , ^ 

Inventor's Signature _ JuC&<^- Date IX/to/'it 

Residence New South Wales. Australia Citizenship Australian 

Post Office Address 146 Dartford Road. Thornleieh. New South Wales. Australia 2120 
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1.56 Duty to disclose information material to patentability. 

(a) A patent by its very nature is affected with a public interest The public interest is best served, and the most effective patent examination occurs when, 
at the time an application is being examined, the Office is aware of and evaluates the teachings of all information material to patentability. Each individual associated 
with the filing and prosecution of a patent application has a duty of candor and good faith in dealing with the Office, which includes a duty to disclose to the Office 
all information known to that individual to be material to patentability as defined in this section. The duty to disclose information exists with respect to each pending 
claim until the claim is cancelled or withdrawn from consideration, or the application becomes abandoned. Information material to the patentability of a claim that 
is cancelled or withdrawn from consideration need not be submitted if the information is not material to the patentability of any claim remaining under consideration 
in the application. There is no duty to submit information which is not material to the patentability of any existing claim. The duty to disclose all information known 
to be material to patentability is deemed to be satisfied if all information known to be material to patentability of any claim issued in a patent was cited by the Office 
or submitted to the Office in the manner prescribed by §§ 1 .97(b)-(d) and 1 .98. However, no patent will be granted on an application in connection with which fraud 
on the Office was practiced or attempted or the duty of disclosure was violated through bad faith or intentional misconduct. The Office encourages applicants to 
carefully examine: 

(1) prior art cited in search reports of a foreign patent office in a counterpart application, and 

(2) the closest information over which individuals associated with the filing or prosecution of a patent application believe any pending claim patentably 
defines, to make sure that any material information contained therein is disclosed to the Office. 

(b) Under this section, information is material to patentability when it is not cumulative to information already of record or being made of record in the 
application, and 

(1) It establishes, by itself or in combination with other information, a prima facie case of unpatentability of a claim; or 

(2) It refutes, or is inconsistent with, a position the applicant takes in: 

(i) Opposing an argument of unpatentability relied on by the Office, or 

(ii) Asserting an argument of patentability. 

A prima facie case of unpatentability is established when the information compels a conclusion that a claim is unpatentable under the preponderance of evidence, 
burden-of-proof standard, giving each term in the claim its broadest reasonable construction consistent with the specification, and before any consideration is given 
to evidence which may be submitted in an attempt to establish a contrary conclusion of patentability. 

(c) Individuals associated with the filing or prosecution of a patent application within the meaning of this section are: 

(1) Each inventor named in the application: 

(2) Each attorney or agent who prepares or prosecutes the application; and 

(3) Every other person who is substantively involved in the preparation or prosecution of the application and who is associated with the inventor, with 
the assignee or with anyone to whom there is an obligation to assign the application. 

(d) Individuals other than the attorney, agent or inventor may comply with this section by disclosing information to the attorney, agent, or inventor. 



